Privacy Policy
Last updated: March 22, 2026
1. Data Controller
Data controller:
Erasmus Student Network Liberec z. s.
IČO: 22856218
17. listopadu 590, Koleje Harcov – blok C
460 15 Liberec, Czech Republic
Email: it@esn-liberec.cz
2. Scope of Processing
We process personal data necessary for the operation of the Buddy System and organization of events:
- Identification Data: name, surname, email address
- Authentication Data: password (securely hashed)
- Profile Data: nationality, age, gender, faculty, year of study, hobbies, personal description
- Multimedia: profile photograph
- Communication Data: social links (Instagram, WhatsApp, Facebook)
- Technical Data: IP address, login logs, authentication tokens (JWT)
3. Purpose and Legal Basis
We process personal data based on:
- Consent (Art. 6(1)(a) GDPR): profile information, photos, social links
- Contract (Art. 6(1)(b) GDPR): account creation and use of the Buddy System
- Legitimate Interest (Art. 6(1)(f) GDPR): event organization, system security, internal coordination
You may withdraw your consent at any time.
4. Data Access and Sharing
Your data may be accessed by:
- ESN Liberec Board members and Supporters
- matched Buddy/Student within the system
We do not sell or commercially share personal data.
5. Third-Party Processing
Your data may be processed by:
- Hosting provider (Forpsi VPS, EU) – infrastructure and storage
- Email provider (Google / Gmail) – communication
All providers comply with GDPR standards.
6. Data Transfers Outside the EU
Some services (e.g. Google) may involve transfers outside the EU. These are protected using appropriate safeguards (e.g. Standard Contractual Clauses).
7. Data Retention
We retain data only as necessary:
- Account data: for the duration of the account
- After deletion: up to 30 days
- Inactive accounts: up to 24 months
- Logs (IP, login activity): up to 90 days
8. Public Profile (ESN Team Members)
If your account is promoted (Supporter / Board):
- your name, photo, and position may be publicly displayed
9. Event Photography
Photos and videos may be taken during events. You may request removal at any time.
10. Security
We implement appropriate measures:
- password hashing
- JWT authentication
- access control
11. Cookies and Authentication
We use essential cookies and similar technologies necessary for the operation of the application.
These include authentication mechanisms (such as JWT tokens or session cookies) required for secure login and proper functionality of the service.
These cookies do not require user consent as they are strictly necessary for providing the service.
No tracking, analytics, or marketing cookies are used.
12. Your Rights
You have the right to:
- access your data
- rectify inaccurate data
- request deletion
- restrict processing
- data portability
- withdraw consent
- lodge a complaint with a supervisory authority (Czech Republic: ÚOOÚ)
13. Contact
IT Manager: it@esn-liberec.cz
President: president@esn-liberec.cz
Website: www.esn-liberec.cz